Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
CVE-2026-10191: Tenda W12: Malicious Remote Code Execution via WiFi Filter
CVE-2026-10191
Summary
A security flaw in the Tenda W12 router's WiFi filter settings allows an attacker to remotely execute malicious code on the device. This could potentially allow unauthorized access to the router or the network it's connected to. Update the router's firmware to the latest version to fix this issue.
Original title
A vulnerability was determined in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes...
Original description
A vulnerability was determined in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
Published: 31 May 2026 · Updated: 31 May 2026 · First seen: 31 May 2026